Tails above the Rest, Part III

In my first two columns in this series, I gave an overview of Tails,
including how to get the distribution securely, and once you have it,
how to use some of the basic tools. In this final column, I
cover some of the more advanced features of Tails, such as some of its
login options, its suite of encryption tools and the persistent disk.

Superuser and Windows Camouflage

By default, Tails operates with superuser privileges disabled. You don't
need superuser privileges to use most of Tails, as those privileges
come in handy only if you want to install extra software, modify any local
hard drives on the system or do anything else that requires
root privileges. Tails disables superuser privileges so an attacker also cannot
perform superuser functions that might threaten the security of your
system. That said, if you intend to use Tails routinely as your desktop,
you may find you want to install extra software on a persistent disk.

To enable the superuser account, at the initial login window, click the Yes
button under More options, and then click the Forward button at the bottom
of that window. In the new window, enter the administrator password in the
Password and Verify Password text boxes, and then click Login. You also
may have noticed a check box in this window to enable Windows Camouflage. This
option changes the default desktop theme to look like a default Windows XP
install. The idea here is that if you are using Tails in a public place
(like on an Internet café, library or hotel computer), at a glance, your
desktop probably will blend in with the rest.

Encryption Tools

As you might imagine, a security- and anonymity-focused distribution
like Tails provides a number of encryption tools. These include
general-purpose tools like the GNOME disk manager, which you can use
to format new encrypted volumes, and the ability to mount encrypted
volumes that show up in the Places menu at the top of the desktop.
In addition to general-purpose tools, Tails also includes an OpenPGP
applet that sits in the notification area (that area of the panel at
the top right-hand section of the desktop along with the clock, sound
and network applets). The OpenPGP applet has a clipboard icon by default,
and you can think of it much like a secured clipboard in the sense that
it lets you copy and paste plain text into it and then encrypt or sign it.

The simplest way to encrypt text is via a passphrase, since you don't
have to create or import a GPG keypair into your Tails system (which is
even more difficult if you don't take advantage of a persistent disk). To
encrypt with a passphrase, type the text that you want to encrypt into
a local text editor (don't type it into a Web browser window as there
is a possibility for JavaScript attacks to access what you type).
Select the text, then right-click on the clipboard icon and select
Copy. Next, click on the clipboard icon and select Encrypt Clipboard with
Passphrase. You will be presented with a passphrase dialog box where you
can enter the passphrase you want to use, and once the text is encrypted,
the clipboard icon will change to display a lock. This means that your
desktop clipboard now contains encrypted text, and you can paste it in
any other application, like a Web e-mail application, by right-clicking
in that input box and selecting Paste.

If you have copied your GPG keys to this Tails session, you also can use
the same tool to encrypt text with your keys. Once you copy the text to
the applet, just click on the applet and select Sign/Encrypt Clipboard
with Public Keys. You then will be prompted to select the keys of any
recipients you want to be able to decrypt the message. Once you finish
with this wizard, you can paste the encrypted text just as with the
passphrase option above.

You also can use the same applet to decrypt text that has been encrypted
with a passphrase. To do this, select the complete encrypted section,
including the -----BEGIN PGP MESSAGE----- at the beginning and the
-----END PGP MESSAGE----- at the end. Then, right-click on the OpenPGP applet and
select Copy. The icon should change to a lock if the text is encrypted
or a red seal if it is only signed. Then, click on the applet and select
Decrypt/Verify Clipboard. If the message is encrypted with a passphrase,
you should see an Enter passphrase dialog box. Otherwise, if the
message used public-key cryptography and you have your keypair on this
installation of Tails, you may be prompted for the passphrase to
unlock your secret key. If your passphrase or key is able to decrypt
the message successfully, you will get a GnuPG results window along with
the decrypted text.
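
Decryption fails if the selection misses one of the marker lines or loses lines in between. The following is an added example, not code from Tails or the OpenPGP applet: it checks a copied selection for both markers and verifies the armor checksum defined in RFC 4880. The function names are hypothetical, and the sample block is built from constructed bytes rather than real ciphertext.

```python
import base64

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def make_armor(payload: bytes) -> str:
    """Wrap constructed bytes in armor; the payload is not real ciphertext."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *rows, check, END])

def check_selection(text: str) -> str:
    """Classify a copied selection: encrypted, signed, incomplete, corrupt, not-pgp."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if "-----BEGIN PGP SIGNED MESSAGE-----" in lines:
        return "signed" if "-----END PGP SIGNATURE-----" in lines else "incomplete"
    if BEGIN not in lines and END not in lines:
        return "not-pgp"
    if BEGIN not in lines or END not in lines:
        return "incomplete"  # selection stopped short of a marker line
    block = lines[lines.index(BEGIN) + 1:lines.index(END)]
    if "" not in block:
        return "corrupt"  # armor needs a blank line between headers and data
    body = block[block.index("") + 1:]
    check = body.pop() if body and body[-1].startswith("=") else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        if check and base64.b64decode(check[1:]) != crc24(data).to_bytes(3, "big"):
            return "corrupt"  # lines lost or altered inside the block
    except ValueError:
        return "corrupt"
    return "encrypted" if data else "corrupt"

if __name__ == "__main__":
    sample = make_armor(bytes(range(100)))  # constructed sample
    print(check_selection(sample))
    print(check_selection(sample.rsplit("\n", 1)[0]))  # END line not selected
```

A result of "encrypted" only means the armor is intact; whether the message decrypts still depends on the passphrase or key.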

Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal.
